1
00:00:00,910 --> 00:00:02,470
‫S m p p.

2
00:00:03,630 --> 00:00:08,700
‫Serves on board 25 and it's used for sending and receiving emails.

3
00:00:10,710 --> 00:00:16,140
‫So the service has two interesting commands that reveal information about the mail server users.

4
00:00:17,490 --> 00:00:22,440
‫They are ESPN and the RF, why?

5
00:00:24,910 --> 00:00:28,750
‫There are numerous ways to get names or these commands.

6
00:00:29,990 --> 00:00:33,410
‫But let's go and check out the MSF auxiliaries.

7
00:00:34,720 --> 00:00:44,230
‫So these auxiliary modules probe the SMTP server on the target for the version and then list the SMTP

8
00:00:44,470 --> 00:00:54,780
‫server users, so you have SMTP port open on Métis, voidable to services that SMTP.

9
00:00:55,570 --> 00:00:56,620
‫And here's the info.

10
00:00:58,030 --> 00:01:03,890
‫SMTP verify, that's a command that helps you to check for users.

11
00:01:04,790 --> 00:01:07,820
‫And before using any module, I want to show you that.

12
00:01:08,930 --> 00:01:16,850
‫From the MSF console tray, you can connect s.m TV service on metastable suitable to.

13
00:01:18,490 --> 00:01:25,780
‫Tell net 10 that tend to tend to five and the connections established.

14
00:01:27,120 --> 00:01:31,020
‫So verify, admit there is no admin.

15
00:01:32,030 --> 00:01:36,260
‫Verify Métis point, OK, no user with that name.

16
00:01:37,650 --> 00:01:44,040
‫Verify MSF admin, OK, yes, so I found one username.

17
00:01:45,290 --> 00:01:49,700
‫Verify route, yeah, second username.

18
00:01:50,800 --> 00:01:53,450
‫Verify administrator.

19
00:01:54,370 --> 00:01:55,810
‫OK, no user with that name.

20
00:01:56,940 --> 00:02:01,140
‫Verify, says another correct username.

21
00:02:02,150 --> 00:02:10,110
‫I think you get the point because without any vulnerability, you get usernames, exit telnet.

22
00:02:11,480 --> 00:02:13,460
‫It was a great telnet.

23
00:02:16,110 --> 00:02:20,340
‫OK, so, as always, search for SMTP auxiliaries.

24
00:02:22,230 --> 00:02:26,580
‫And first, pick a SMTP version.

25
00:02:29,460 --> 00:02:30,900
‫Show options.

26
00:02:33,940 --> 00:02:41,230
‫OK, so I will set our host to tend not tend to not run for and run the module.

27
00:02:44,250 --> 00:02:47,160
‫So this is the SMTP service Baner.

28
00:02:48,790 --> 00:02:50,110
‫Now, let's pick another module.

29
00:02:51,640 --> 00:02:53,620
‫SMTP Inam.

30
00:02:55,000 --> 00:02:55,900
‫Show options.

31
00:02:57,340 --> 00:02:59,710
‫And I will very quickly set our hosts.

32
00:03:03,030 --> 00:03:06,120
‫So let me check if everything is fine with all the variables.

33
00:03:08,650 --> 00:03:12,760
‫OK, so set threads to 10 and run the module.

34
00:03:17,430 --> 00:03:24,030
‫So I think I have a problem with model execution, did you catch it because it lasts a whole lot longer

35
00:03:24,030 --> 00:03:25,620
‫than it ought to.

36
00:03:26,550 --> 00:03:27,030
‫So.

37
00:03:28,650 --> 00:03:31,640
‫Let's set thread's one again.

38
00:03:32,700 --> 00:03:33,900
‫And run the module.

39
00:03:37,680 --> 00:03:42,210
‫And this time it works and here are the SMTP users.

40
00:03:43,140 --> 00:03:45,060
‫So make a note of these users.

41
00:03:46,240 --> 00:03:49,720
‫You're going to be able to use them and the brute force dictionaries.